diff options
| author | Garming Sam <garming@catalyst.net.nz> | 2015-12-15 17:22:32 +1300 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2016-03-10 06:52:24 +0100 |
| commit | 5b10cc25be87978ad076b2dbf6e3dc6fdd4af140 (patch) | |
| tree | ec465d6de35243d4694e8355572323372cb60864 | |
| parent | 866bf51758efd1a63023440d33e202a3ff0876ba (diff) | |
| download | samba-5b10cc25be87978ad076b2dbf6e3dc6fdd4af140.tar.gz | |
CVE-2016-0771: tests/dns: restore formerly segfaulting test
This was on the client side, due the a strlen(NULL) on the previously
DOS-encoded TXT field. With a new IDL structure, this segfault no longer exists.
Note that both Samba and Windows return NXRRSET instead of FORMERR.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| -rw-r--r-- | python/samba/tests/dns.py | 51 |
1 files changed, 25 insertions, 26 deletions
diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py index 7fdb10e82f0..93fa564adb7 100644 --- a/python/samba/tests/dns.py +++ b/python/samba/tests/dns.py @@ -387,32 +387,31 @@ class TestDNSUpdates(DNSTest): # request is formatted. pass -# I'd love to test this one, but it segfaults. :) -# def test_update_prereq_with_non_null_length(self): -# "test update with a non-null length" -# p = self.make_name_packet(dns.DNS_OPCODE_UPDATE) -# updates = [] -# -# name = self.get_dns_domain() -# -# u = self.make_name_question(name, dns.DNS_QTYPE_SOA, dns.DNS_QCLASS_IN) -# updates.append(u) -# self.finish_name_packet(p, updates) -# -# prereqs = [] -# r = dns.res_rec() -# r.name = "%s.%s" % (os.getenv('SERVER'), self.get_dns_domain()) -# r.rr_type = dns.DNS_QTYPE_TXT -# r.rr_class = dns.DNS_QCLASS_ANY -# r.ttl = 0 -# r.length = 1 -# prereqs.append(r) -# -# p.ancount = len(prereqs) -# p.answers = prereqs -# -# response = self.dns_transaction_udp(p) -# self.assert_dns_rcode_equals(response, dns.DNS_RCODE_FORMERR) + def test_update_prereq_with_non_null_length(self): + "test update with a non-null length" + p = self.make_name_packet(dns.DNS_OPCODE_UPDATE) + updates = [] + + name = self.get_dns_domain() + + u = self.make_name_question(name, dns.DNS_QTYPE_SOA, dns.DNS_QCLASS_IN) + updates.append(u) + self.finish_name_packet(p, updates) + + prereqs = [] + r = dns.res_rec() + r.name = "%s.%s" % (os.getenv('SERVER'), self.get_dns_domain()) + r.rr_type = dns.DNS_QTYPE_TXT + r.rr_class = dns.DNS_QCLASS_ANY + r.ttl = 0 + r.length = 1 + prereqs.append(r) + + p.ancount = len(prereqs) + p.answers = prereqs + + response = self.dns_transaction_udp(p) + self.assert_dns_rcode_equals(response, dns.DNS_RCODE_FORMERR) def test_update_prereq_nonexisting_name(self): "test update with a nonexisting name" |